cyberveille.decio.ch

7248 bookmarks
Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog
Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration.
·microsoft.com·
1961406 - SSL.com: DCV bypass and issue fake certificates for any MX hostname
SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that domain.
·bugzilla.mozilla.org·
Microsoft Warns of Node.js Abuse for Malware Delivery
In recent months Microsoft has seen multiple campaigns using Node.js to deliver malware and other malicious payloads. Microsoft on Tuesday issued a warning over the increasing use of Node.js for the delivery of malware and other malicious payloads. The tech giant has been seeing such attacks aimed at its customers since October 2024, and some of the observed campaigns are still active in April 2025.
·securityweek.com·
The Ever-Evolving Threat of the Russian-Speaking Cybercriminal Underground | Trend Micro (US)
We dive into one of the most sophisticated and impactful ecosystems within the global cybercrime landscape. Our research looks at tools and techniques, specialized forums, popular services, plus a deeply ingrained culture of secrecy and collaboration.
·trendmicro.com·
BreachForums taken down by the FBI? Dark Storm hackers say they did it “for fun”
The notorious BreachForums online hacker marketplace appears to have been seized yet again. This time, it has been claimed by fellow hacktivist gang the Dark Storm Team, the same group believed responsible for last month's massive outage of Elon Musk's X. It all coincides with rumors swirling on social media Tuesday about the arrest of "IntelBroker," one of BreachForums' major players. The pro-Palestinian hacktivist group posted about the Breached takeover on its Dark Storm Team Telegram channel early Tuesday morning (ET), claiming to have carried out the distributed denial-of-service (DDoS) attack "for fun."
·cybernews.com·
Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract…
·krebsonsecurity.com·
Conduent confirms data breach impact on clients’ details
American business service behemoth Conduent has confirmed that the January data breach resulted in hackers stealing customer details, although there's no evidence that the information has been leaked online. The attack hit the company in mid-January this year, Conduent confirmed in a Form 8-K filing with the SEC. Attackers penetrated its digital defenses and accessed a "limited portion" of Conduent's environment. Several of Conduent's clients experienced disruption in the initial days of the attack. For example, Wisconsin's Department of Children and Families said the outage affected payees who receive their payments via an electronic transfer system.
·cybernews.com·
"Join us": what the trial of two Wagner agents reveals about their activity in Europe
A court in Kraków convicted two Russians on 14 February for their recruitment campaign on behalf of Wagner, an operation run directly from Russia. The details of the trial make it possible to understand the contours of the "hybrid war" Moscow is waging against Europe.
·tf1info.fr·
SSL/TLS certificates will last 47 days max by 2029
The CA/Browser Forum, a central body of web browser makers, security certificate issuers, and friends, has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15, 2029. Today the certificates, which underpin things like encrypted HTTPS connections between browsers and websites, are good for up to 398 days before needing to be renewed. Apple put out a proposal last year to cut the maximum time between renewals, and got support from Big Tech pals. Their argument is that shorter renewal periods mean compromised or stolen certificates can be abused for at most days or weeks rather than months before expiring. On the one hand, that may mean more purchases from certificate issuers for cert holders; on the other, Let's Encrypt provides perfectly good certificates for free and also helps automate the renewal process.
·theregister.com·
Hack The Sandbox: Unveiling the Truth Behind Disappearing Artifacts - Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Table of contents (excerpt): Introduction; About Windows Sandbox; Windows; Enable Windows Sandbox; Default user; Windows Defender settings; Configuration file (.wsb); Virtual Hard Disk (VHDX); The attack methods; Emerging threats; Monitoring and Investigation for Windows Sandbox; Monitoring; Monitoring for host machine and network; Monitori…
·blog-en.itochuci.co.jp·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
·dirtypipe.cm4all.com·
Analysis of Threat Actor Activity
Fortinet diligently balances its commitment to the security of its customers with its culture of responsible transparency, and commits to sharing information with that goal in mind. While efforts by threat actors to exploit known vulnerabilities are not new, recent Fortinet investigations have discovered a post-exploitation technique used by a threat actor. This blog offers analysis of that finding to help customers make informed decisions.
·fortinet.com·
Exploitation of CLFS zero-day leads to ransomware activity
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia. Microsoft released security updates to address the vulnerability, tracked as CVE-2025-29824, on April 8, 2025.
·microsoft.com·
Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs - Ars Technica
Even weirder: Why would Google give so many the "Featured" stamp for trustworthiness? Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them and that their developers have taken pains to carefully conceal.
·arstechnica.com·
Searching for something unknow
After the release of the Secure Annex 'Monitor' feature, I wanted to help evaluate a list of extensions an organization I was working with had configured for monitoring. Notifications when new changes occur are great, but in security, baselines are everything! To cut down a list of 132 extensions in use, I identified a couple of extensions that stuck out because they were 'unlisted' in the Chrome Web Store. Unlisted extensions are not indexed by search engines and do not show up when searching the Chrome Web Store. The only way to access the extension is by knowing the URL.
·secureannex.com·
Darknet’s Xanthorox AI Offers Customizable Tools for Hacker
A self-contained AI system engineered for offensive cyber operations, Xanthorox AI, has surfaced on darknet forums and encrypted channels. Introduced in late Q1 2025, it marks a shift in the threat landscape with its autonomous, modular structure designed to support large-scale, highly adaptive cyber-attacks. Built entirely on private servers, Xanthorox avoids using public APIs or cloud services, significantly reducing its visibility and traceability.
·infosecurity-magazine.com·
ESET Vulnerability Exploited for Stealthy Malware Execution - SecurityWeek
A vulnerability impacting multiple ESET products has been exploited by an APT group to load malicious DLL libraries and silently deploy malware, Kaspersky reports. The issue, tracked as CVE-2024-11859, is described as a DLL search order hijacking flaw that could be exploited by attackers with administrative privileges for arbitrary code execution.
·securityweek.com·
Suspected Scattered Spider Hacker Pleads Guilty
A 20-year-old man believed to be a member of the cybercrime ring known as Scattered Spider has pleaded guilty to charges brought against him in Florida and California. Noah Urban of Palm Coast, Florida, was arrested in January 2024 and charges against him were unsealed by US authorities in November 2024, when four others believed to be members of Scattered Spider were named.
·securityweek.com·
Gamaredon's Evolving Cyber Threats: A Closer Look
The Russian hacking group known as Gamaredon, or “Shuckworm,” has been making headlines with its sophisticated cyberattacks targeting Western military missions. This group has evolved its tactics, techniques, and procedures (TTPs) to enhance stealth and effectiveness, transitioning from Visual Basic Script (VBS) to PowerShell-based tools. PowerShell is a task automation framework from Microsoft, often used by attackers to execute commands and scripts on Windows systems. This shift, as reported by Symantec, highlights their strategic move to obfuscate, or hide, payloads and leverage legitimate services for evasion. Gamaredon’s recent campaigns have notably involved the use of malicious removable drives, targeting Western military missions in Ukraine with .LNK files that initiate infections upon execution. These developments underscore the group’s persistent threat to geopolitical entities, particularly those related to the Ukrainian military.
·thedefendopsdiaries.com·